Formatting of Kconfig files doesn't look so pretty, so let the Great White Handkerchief come around and clean it up. Signed-off-by: Enrico Weigelt, metux IT consult <info@xxxxxxxxx> --- security/integrity/ima/Kconfig | 64 +++++++++++++++++++++--------------------- 1 file changed, 32 insertions(+), 32 deletions(-) diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig index a18f8c6..416b724 100644 --- a/security/integrity/ima/Kconfig +++ b/security/integrity/ima/Kconfig @@ -34,12 +34,12 @@ config IMA_KEXEC depends on IMA && TCG_TPM && HAVE_IMA_KEXEC default n help - TPM PCRs are only reset on a hard reboot. In order to validate - a TPM's quote after a soft boot, the IMA measurement list of the - running kernel must be saved and restored on boot. + TPM PCRs are only reset on a hard reboot. In order to validate + a TPM's quote after a soft boot, the IMA measurement list of the + running kernel must be saved and restored on boot. - Depending on the IMA policy, the measurement list can grow to - be very large. + Depending on the IMA policy, the measurement list can grow to + be very large. config IMA_MEASURE_PCR_IDX int @@ -91,10 +91,10 @@ choice default IMA_DEFAULT_HASH_SHA1 depends on IMA help - Select the default hash algorithm used for the measurement - list, integrity appraisal and audit log. The compiled default - hash algorithm can be overwritten using the kernel command - line 'ima_hash=' option. + Select the default hash algorithm used for the measurement + list, integrity appraisal and audit log. The compiled default + hash algorithm can be overwritten using the kernel command + line 'ima_hash=' option. config IMA_DEFAULT_HASH_SHA1 bool "SHA1 (default)" @@ -138,9 +138,9 @@ config IMA_READ_POLICY default y if IMA_WRITE_POLICY default n if !IMA_WRITE_POLICY help - It is often useful to be able to read back the IMA policy. It is - even more important after introducing CONFIG_IMA_WRITE_POLICY. - This option allows the root user to see the current policy rules. + It is often useful to be able to read back the IMA policy. It is + even more important after introducing CONFIG_IMA_WRITE_POLICY. + This option allows the root user to see the current policy rules. config IMA_APPRAISE bool "Appraise integrity measurements" @@ -158,12 +158,12 @@ config IMA_APPRAISE If unsure, say N. config IMA_ARCH_POLICY - bool "Enable loading an IMA architecture specific policy" - depends on KEXEC_VERIFY_SIG || IMA_APPRAISE && INTEGRITY_ASYMMETRIC_KEYS - default n - help - This option enables loading an IMA architecture specific policy - based on run time secure boot flags. + bool "Enable loading an IMA architecture specific policy" + depends on KEXEC_VERIFY_SIG || IMA_APPRAISE && INTEGRITY_ASYMMETRIC_KEYS + default n + help + This option enables loading an IMA architecture specific policy + based on run time secure boot flags. config IMA_APPRAISE_BUILD_POLICY bool "IMA build time configured policy rules" @@ -238,10 +238,10 @@ config IMA_TRUSTED_KEYRING select INTEGRITY_TRUSTED_KEYRING default y help - This option requires that all keys added to the .ima - keyring be signed by a key on the system trusted keyring. + This option requires that all keys added to the .ima + keyring be signed by a key on the system trusted keyring. - This option is deprecated in favor of INTEGRITY_TRUSTED_KEYRING + This option is deprecated in favor of INTEGRITY_TRUSTED_KEYRING config IMA_KEYRINGS_PERMIT_SIGNED_BY_BUILTIN_OR_SECONDARY bool "Permit keys validly signed by a built-in or secondary CA cert (EXPERIMENTAL)" @@ -266,32 +266,32 @@ config IMA_BLACKLIST_KEYRING depends on IMA_TRUSTED_KEYRING default n help - This option creates an IMA blacklist keyring, which contains all - revoked IMA keys. It is consulted before any other keyring. If - the search is successful the requested operation is rejected and - an error is returned to the caller. + This option creates an IMA blacklist keyring, which contains all + revoked IMA keys. It is consulted before any other keyring. If + the search is successful the requested operation is rejected and + an error is returned to the caller. config IMA_LOAD_X509 bool "Load X509 certificate onto the '.ima' trusted keyring" depends on IMA_TRUSTED_KEYRING default n help - File signature verification is based on the public keys - loaded on the .ima trusted keyring. These public keys are - X509 certificates signed by a trusted key on the - .system keyring. This option enables X509 certificate - loading from the kernel onto the '.ima' trusted keyring. + File signature verification is based on the public keys + loaded on the .ima trusted keyring. These public keys are + X509 certificates signed by a trusted key on the + .system keyring. This option enables X509 certificate + loading from the kernel onto the '.ima' trusted keyring. config IMA_X509_PATH string "IMA X509 certificate path" depends on IMA_LOAD_X509 default "/etc/keys/x509_ima.der" help - This option defines IMA X509 certificate path. + This option defines IMA X509 certificate path. config IMA_APPRAISE_SIGNED_INIT bool "Require signed user-space initialization" depends on IMA_LOAD_X509 default n help - This option requires user-space init to be signed. + This option requires user-space init to be signed. -- 1.9.1
